There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
An attacker sends specially crafted UDP packets to port 8211, handled by the PAPI protocol (Aruba's Access Point management protocol). These packets trigger a stack-based buffer overflow (CWE-121) in the Central Communications service. Successful exploitation of the vulnerability requires no authentication or user interaction.
An attacker can execute arbitrary code with privileged user rights at the operating system level of the device. In practice, this means complete takeover of the vulnerable network device.
Patches available from the manufacturer should be applied according to the references: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04647en_us and https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt. As an additional remedial measure, it is recommended to restrict access to UDP port 8211 (PAPI) exclusively to trusted sources at the firewall level.
ArubaNetworks ArubaOS and HP InstantOS products – specific versions indicated in the manufacturer's references (ARUBA-PSA-2024-006 and HPE Security Bulletin hpesbnw04647en_us)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArubanetworks Arubaos
OSArubanetworks10.3.0.0 – 10.4.1.1 (bez)10.5.0.0 – 10.5.1.1 (bez)HP Instantos
OSHp6.4.0.0 – 8.6.0.24 (bez)8.7.0.0 – 8.10.0.11 (bez)
Related vulnerabilities
RCE bez uwierzytelnienia w AP Certificate Management Service (ArubaOS/InstantOS)
RCE w Soft AP Daemon Service — ArubaOS i InstantOS (KRYTYCZNY)
RCE w Soft AP Daemon Service — ArubaOS i InstantOS
Buffer overflow w usłudze SAE Aruba ArubaOS / InstantOS — nieuwierzytelniony RCE
Buffer overflow w CLI service ArubaOS/InstantOS umożliwiający zdalny RCE